Preparing for and Executing Incident Recovery

Whenever an incident happens, you have to figure out the “Who, What, Where, When”. This course will help you understand how to conduct an investigation, eradicate the incident and how to build out your own CSI (Cyber-Security Investigator) Jump-Bag.

Cybersecurity investigations are used to determine what events, changes, and other actions have happened on a device, who or what performed them, and what data is stored there. In this course, Preparing for and Executing Incident Recovery, you'll leanr how to conduct an investigation, eradicate the incident and how to build out your own CSI (Cyber-Security Investigator) Jump-Bag. First you'll learn how to be ready to conduct your own forensic investigations. Next, you'll learn what computer forensic techniques are used in a variety of scenarios, including police investigations, system misuse, compromise and malware analysis, and investigations related to internal policy violations. Then, you'll learn about how to create your own forensics kit, their contents, and the use of these devices and tools. Finally, you'll be shown some forensic suites and tools that provide you what you'll need to capture and preserve forensics data and to perform forensic investigations. By the end of this course, you will have discovered and developed new skills to tackle many cyber-security scenarios.

Topics:

• Course Overview
• Your Objectives Here
• What Should Be in Your “Jump-bag”?
• What About the Digital “Jump-bag”
• Understanding the Incident Recovery Process
• The Techniques of Recovery: Containment
• The Techniques of Recovery: Eradication
• The Techniques of Recovery: Validation and Corrective Actions
• That’s a Wrap